Researchers Demonstrate Exploitation of Online Advertisement Networks

The Register reported on 31st July, 2013 that security researchers have shown how hackers can use ad networks to create ephemeral and hard-to-trace botnets which can perform distributed-denial-of-service (DDoS) attacks at the click of a button.

Jeremiah Grossman, CTO of WhiteHat Security and Matt Johansen, Manager of Threat Research at WhiteHat security gave a presentation at the Blackhat Conference in Las Vegas on Wednesday, 31st July, 2013 demonstrating a real world malicious attack where advertisement servers were maneuvered into serving up code which caused web browsers to connect to targeted websites.

The 'Million Browser Botnet' took benefit of the actuality that users at ad networks usually don't have skills or awareness to categorize malicious JavaScript (JS) code. Securityweek.com reported on 1st August, 2013 quoting Grossman and Johansen saying that if the foe managed to insert code into a well-known website then the consequential botnet may perhaps be so big to become unstoppable."

Threatpost.com published a report on 31st July, 2013 quoting Grossman saying "When you go to any webpage, that page controls your browser as long as you are there to make any request for any location on the planet. So the nature of the problem is that when you insert code on an advertisement network, it gets in frontage of loads of users and we control lot of web browsers which is the web infrastructure. When you go to a website, it pulls in images and resources from all over the Web and you are able to do that. We are using exactly the same features to our advantage."

Theregister.co.uk published a report on 31st July, 2013 quoting Johansen of WhiteHat answering his own question "What's the benefit of hacking this way - why not do a traditional DDoS attack ?" by saying "There is no trace of these. The JS (referring JavaScript) gets served up and it goes away which is very easy."

Johansen said that the only way to trace this WhiteHat would be to go to ad network and use the credit card to buy the malicious adverts and it's not very difficult for hackers to illegally and secretly gain access to credit cards.

» SPAMfighter News - 8/9/2013